Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/a63fd8-9b36-496d-b6e2-b20ebe595475/1/ba5LTz6E_24Z-FWHvFExip3Bfu8.roa
File:                     ba5LTz6E_24Z-FWHvFExip3Bfu8.roa (raw, json)
Hash identifier:          78/BEK6gt2JG+WEEQwBhHL/YE4AHR9z4L0gDnYa5BSM=
Subject key identifier:   6D:AE:4B:4F:3E:84:FF:6E:19:F8:55:87:BC:51:31:8A:9D:C1:7E:EF
Certificate issuer:       /CN=ad3b529c9dc9526f099bf16ac89dcc8adfe18240
Certificate serial:       01942444AD8ADC1B4282E62A51E47F25648D
Authority key identifier: AD:3B:52:9C:9D:C9:52:6F:09:9B:F1:6A:C8:9D:CC:8A:DF:E1:82:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rTtSnJ3JUm8Jm_FqyJ3Mit_hgkA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/a63fd8-9b36-496d-b6e2-b20ebe595475/1/ba5LTz6E_24Z-FWHvFExip3Bfu8.roa
Signing time:             Wed 01 Jan 2025 23:47:48 +0000
ROA not before:           Wed 01 Jan 2025 23:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43366
IP address blocks:        185.161.140.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/a63fd8-9b36-496d-b6e2-b20ebe595475/1/rTtSnJ3JUm8Jm_FqyJ3Mit_hgkA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/a63fd8-9b36-496d-b6e2-b20ebe595475/1/rTtSnJ3JUm8Jm_FqyJ3Mit_hgkA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rTtSnJ3JUm8Jm_FqyJ3Mit_hgkA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:ad:8a:dc:1b:42:82:e6:2a:51:e4:7f:25:64:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad3b529c9dc9526f099bf16ac89dcc8adfe18240
        Validity
            Not Before: Jan  1 23:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6dae4b4f3e84ff6e19f85587bc51318a9dc17eef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:44:28:21:d9:89:79:8b:64:94:68:76:ea:9d:
                    8b:2b:61:48:43:5d:4b:13:7a:66:cb:38:66:22:6d:
                    e7:2f:b3:5d:9c:1a:0f:a4:d6:94:f7:a5:18:1f:25:
                    b8:e1:2c:ae:6c:54:bd:90:a1:12:b1:2a:78:02:1c:
                    13:62:54:df:ba:1f:40:30:1d:fa:f5:92:6e:ef:95:
                    30:c2:ed:01:c7:60:b5:87:90:b8:98:a0:10:86:74:
                    bc:79:4b:9c:89:ba:38:87:b7:76:58:87:07:3f:59:
                    67:92:b3:4c:28:ca:12:37:1f:86:63:71:47:b3:27:
                    e8:d0:ef:80:5e:cb:85:3b:d6:85:71:b5:69:a0:a5:
                    65:21:2d:41:7b:41:f2:85:91:7d:81:93:e4:39:5a:
                    76:92:39:51:72:09:d1:30:c8:f1:5d:ab:ba:0f:b4:
                    a9:89:f0:5f:39:a9:fb:2e:f8:9f:e1:b5:b3:d3:55:
                    1a:4d:51:11:9a:fe:c7:15:55:07:46:d9:07:a5:4f:
                    db:fd:e8:ac:ce:07:87:d7:c8:d8:f7:18:96:8b:fc:
                    36:fe:08:63:a0:cf:f7:f8:34:7b:78:d6:8f:99:06:
                    96:8f:ab:25:50:c0:da:8c:8a:c8:2a:7a:54:0b:0f:
                    bf:c5:fb:d1:7e:98:7c:95:0d:ac:4b:2f:66:33:8f:
                    85:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:AE:4B:4F:3E:84:FF:6E:19:F8:55:87:BC:51:31:8A:9D:C1:7E:EF
            X509v3 Authority Key Identifier:
                keyid:AD:3B:52:9C:9D:C9:52:6F:09:9B:F1:6A:C8:9D:CC:8A:DF:E1:82:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rTtSnJ3JUm8Jm_FqyJ3Mit_hgkA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/a63fd8-9b36-496d-b6e2-b20ebe595475/1/ba5LTz6E_24Z-FWHvFExip3Bfu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/a63fd8-9b36-496d-b6e2-b20ebe595475/1/rTtSnJ3JUm8Jm_FqyJ3Mit_hgkA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:97:eb:00:49:77:82:95:e4:5c:42:7e:0a:39:78:cc:4b:c2:
         d5:04:58:41:47:a8:10:1c:9b:96:ec:26:e2:bb:b7:a2:78:d8:
         08:b4:13:62:8c:50:86:1c:4e:bc:48:00:11:e9:e6:9e:82:f9:
         e4:f0:10:9a:c2:12:4c:66:da:09:34:07:b8:b4:70:8f:a1:9b:
         4b:65:56:f4:97:00:df:50:8e:4f:b8:02:1e:a7:e0:5b:1c:11:
         74:7e:87:16:11:34:18:f2:57:cf:bd:ea:d7:ab:9e:c5:8a:01:
         17:ec:ad:b6:e5:0a:af:eb:c6:66:ef:bb:5f:ef:6d:a9:46:f5:
         af:70:b7:d8:3c:ef:99:43:57:94:39:b4:9d:41:b7:b3:c4:4b:
         1e:13:13:6a:b1:02:a6:c8:e3:34:de:c0:cf:2d:a3:1f:57:64:
         0e:1e:13:88:e6:8c:32:c7:59:b1:eb:37:af:3c:e9:1f:26:99:
         1b:2c:1a:38:9a:90:77:b1:f8:02:06:d8:c2:8f:9e:8a:99:ad:
         d7:34:85:e7:0d:82:b5:a1:cf:50:3c:0e:08:24:3c:e0:8a:9b:
         ed:4c:60:7c:e4:79:ef:3e:0f:b5:4d:d9:91:18:a5:6f:5d:85:
         3c:be:95:4c:5e:4b:f5:e0:55:ee:f7:01:32:b4:55:42:ba:15:
         b7:1c:4f:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRK2K3BtCguYqUeR/JWSNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkM2I1MjljOWRjOTUyNmYwOTliZjE2YWM4OWRjYzhhZGZl
MTgyNDAwHhcNMjUwMTAxMjM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGFlNGI0ZjNlODRmZjZlMTlmODU1ODdiYzUxMzE4YTlkYzE3ZWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEQoIdmJeYtklGh26p2LK2FIQ11L
E3pmyzhmIm3nL7NdnBoPpNaU96UYHyW44SyubFS9kKESsSp4AhwTYlTfuh9AMB36
9ZJu75Uwwu0Bx2C1h5C4mKAQhnS8eUucibo4h7d2WIcHP1lnkrNMKMoSNx+GY3FH
syfo0O+AXsuFO9aFcbVpoKVlIS1Be0HyhZF9gZPkOVp2kjlRcgnRMMjxXau6D7Sp
ifBfOan7Lvif4bWz01UaTVERmv7HFVUHRtkHpU/b/eiszgeH18jY9xiWi/w2/ghj
oM/3+DR7eNaPmQaWj6slUMDajIrIKnpUCw+/xfvRfph8lQ2sSy9mM4+FOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2uS08+hP9uGfhVh7xRMYqdwX7vMB8GA1UdIwQY
MBaAFK07UpydyVJvCZvxasidzIrf4YJAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclR0U25KM0pVbThKbV9GcXlKM01pdF9oZ2tBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hNjNmZDgtOWIzNi00OTZkLWI2ZTIt
YjIwZWJlNTk1NDc1LzEvYmE1TFR6NkVfMjRaLUZXSHZGRXhpcDNCZnU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hNjNmZDgtOWIzNi00OTZkLWI2ZTItYjIwZWJlNTk1NDc1
LzEvclR0U25KM0pVbThKbV9GcXlKM01pdF9oZ2tBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaGMMA0G
CSqGSIb3DQEBCwUAA4IBAQBkl+sASXeCleRcQn4KOXjMS8LVBFhBR6gQHJuW7Cbi
u7eieNgItBNijFCGHE68SAAR6eaegvnk8BCawhJMZtoJNAe4tHCPoZtLZVb0lwDf
UI5PuAIep+BbHBF0focWETQY8lfPverXq57FigEX7K225Qqv68Zm77tf722pRvWv
cLfYPO+ZQ1eUObSdQbezxEseExNqsQKmyOM03sDPLaMfV2QOHhOI5owyx1mx6zev
POkfJpkbLBo4mpB3sfgCBtjCj56Kma3XNIXnDYK1oc9QPA4IJDzgipvtTGB85Hnv
Pg+1TdmRGKVvXYU8vpVMXkv14FXu9wEytFVCuhW3HE/I
-----END CERTIFICATE-----